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CHAPTER 

ONE 


PREFACE 


Nowadays it seems like talking about programming languages is a bit pass^. The technical wars of the past 
decade seem to have subsided and today we see a variety of high-level and well-established languages offering 

functionality that can meet the needs of any programmer. 

Python, Java, C-H-, C#, and Visual Basic are recent examples. Indeed, these languages make it easier to write 

CO sre very exible, offer features with highly dynamic behavior, and some even allow compilers 

to deduce the developer s probable intent. 


hy, then, talk about yet another language? Well, by addressing the general programming market, the aforemen¬ 
tioned languages have become poorly suited for working within the domain of high-integrity systems. In highly 
reliable, secure and safe applications such as those found in and around airplanes, rockets, satellites, trains, and 
in any device whose failure could jeopardize human life or critical assets, the programming languages used must 
support the high standard of software engineering necessary to maintain the integrity of the system. 

The concept of verification the practice of showing that the system behaves and performs as intended—is key in 
such environments. Verification can be accomplished by some combination of review, testing, static analysis, and 
formal proof techniques. Tlie increasing reliance on software and increasing complexity of today’s systems has 
made this task more difficult. Technologies and practices that might have been perfectly acceptable ten or fifteen 
years ago are insufficient today. Thankfully, the state of the art in analysis and proof tools and techniques has also 
advanced. 


The latest revisions of the Ada language, Ada 2005 and Ada 2012, make enhanced software integrity po.ssible. 
From its inception in the 1980s, Ada was designed to meet the requirements of high-integrity systems, and contin¬ 
ues to be well-suited for the implementation of critical embedded or native applications. And it has been receiving 
increased attention recently. Every language revision has enhanced expressiveness in many areas. Ada 2012, in 
particular, has introduced new features for contract-based programming that arc valuable to any project where 
verification is part of the engineering lifecycle. Along with these language enhancements, Ada compiler and tool 
technology has also kept pace with general computing developments over the past few years. Ada development 
environments are available on a wide range of platforms and are being used for the most demanding applications. 

It is no secret that we at AdaCore are very enthusiastic about Ada, but we will not claim that Ada is always 
the solution; Ada is no more a silver bullet than any other language. In some domains other languages make 
sense because of the availability of particular libraries or development frameworks. For example. C-H- and Java 
are considered good choices for desktop programs or applications where a shortened time to market is a major 
objective. Other areas, such as website programming or system administration, tend to rely on different formalisms 
such as scripting and interpreted languages. The key is to select the proper technical approach, in terms of the 
language and tools, to meet the requirements. Ada’s strength is in areas where reliability is paramount. 

Learning a new language shouldn’t be complicated. Programming paradigms have not evolved much since object 
oriented programming gained a foothold, and the same paradigms are present one way or another in many widely 
used languages. This document will thus give you an overview of the Ada language using analogies to C++ and 
Java—these are the languages you’re already likely to know. No prior knowledge of Ada is assumed. If you are 
working on an Ada project now and need more background, if you are interested in learning to program in Ada, 
or if you need to perform an assessment of possible languages to be used for a new development, this guide is for 
you. 

This document was prepared by Quentin Ochem, with contributions and review from Richard Kenner, Albert Lee, 
and Ben Brosgol. 



















CHAPTER 

TWO 


BASICS 


Ada implements the vast majority of programming concepts that you’re accustomed to in C++ and Java: classes 
inheritance, templates (generics), etc. Its syntax might seem peculiar, tliough. It’s not derived from the popular 
C style of notation with its ample use of brackets; rather, it uses a more expository syntax coming from Pascal. 
In many ways, Ada is a simpler language—its syntax favors making it easier to conceptualize and'^read program 
code, rather than making it faster to write in a cleverly condensed manner. For example, full words like begin 
and end are used in place of curly braces. Conditions are written using if, then, elsif, else, and end if. Ad.^’s 
assignment operator does not double as an expression, smoothly eliminating any frustration that could tw cau.se-i 
by = being used where == should be. 

All languages provide one or more ways to express comments. In Ada, two consecutive hyphens - - Jk 
start of a comment that continues to the end of the line. This is exactly the same as using // for cornnicnij C i - 
and Java. There is no equivalent of /* ... */ block comments in Ada; use multiple — lines instead. 

Ada compilers are stricter with type and range checking than most C++ and Java programmers arc u.sed (o. Vw.. 
beginning Ada programmers encounter a variety of warnings and error messages when coding more crcamciy, 
but this helps detect problems and vulnerabilities at compile time—early on in tbe development cvcic. lu nd<is- 
tion, dynamic checks (such as array bounds checks) provide verification that could not be done at compile time. 
Dynamic checks are performed at run time, similar to what is done in Java. 

Ada identifiers and reserved words are case insensitive. The identifiers VAR, var and VaR are treated as the same; 
likewise begin, BEGIN, Begin, etc. Language-specific characters, such as accents, Greek or Russian letters, and 
Asian alphabets, are acceptable to use. Identifiers may include letters, digits, and underscores, but must always 
start with a letter. There are 73 reserved keywords in Ada that may not be used as identifiers, and these are: 




abort 

else 

null 

select 

abs 

elsif 

of 

separate 

abstract 

end 

or 

some 

accept 

entry 

others 

subtype 

access 

exception 

out 

synchronized 

aliased 

exit 

overriding 

tagged 

all 

for 

package 

task 

and 

function 

pragma 

terminate 

array 

generic 

private 

then 

at 

goto 

procedure 

type 

begin 

if 

protected 

until 

body 

in 

raise 

use 

case 

interface 

range 

when 

constant 

is 

record 

while 

declare 

limited 

rem 

with 

delay 

loop 

renames 

xor 

delta 

mod 

requeue 


digits 

new 

return 


do 

not 

reverse 



/ - ———— ^ _ — - 

designed to be portable. Ada compilers must follow a precisely defined international (ISO) standan 
specification with clearly documented areas of vendor freedom where the behavior depends on t cm 
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plcnwntation. It’s fH)ssiblc. ihe», to write an impicnwmation-indcpcndcnt application in Ada and m , 

will hiivc ihc same cffcci across platlonns and compilers. 

Ada is truly a general purpose, multiple paradigm language that allows the programmer to employ or avoid 
like run-time contracf checking, tasking, object oriented f 

Ada is employed in device drivers, interrupt handlers, and other low-Icvcl Itmctions^ I may be found toda^ i„ 

devices with tight limits on processing speed, memory, and j for 

ptocramming larger interconnected systems running on workstations, servers, and p pulers. 










CHAPTER 

THREE 


COMPILATION UNIT STRUCTURE 


C-H- programming style usually promotes the use of two distinct files: header files used to define specifications {.h, 
,hxx^ ,hpp), and implementation files which contain the executable code (x, .cxx, .cpp). However, the distinction 
between specification and implementation is not enforced by the compiler and may need to be worked around in 
order to implement, for example, inlining or templates. 

Java compilers expect both the implementation and specification to be in the same .java file. (Yes, design patterns 
allow using interfaces to separate specification from implementation to a certain extent, but this is outside of the 
scope of this description.) 

Ada is superficially similar to the C-m- case: Ada compilation units are generally split into two parts, the speci¬ 
fication and the body. However, what goes into those files is more predictable for both the compiler and for tlie 
programmer. With GNAT, compilation units are stored in files with a .ads extension for specifications and with a 
.adb extension for implementations. 

Without further ado, we present tlie famous “Hello World” in three languages: 

[Ada] 

with Ada. Text__IO; 
use Ada.Text_IO; 

procedure Main is 
begin 

Put_Line ("Helic World”); 
end Main; 

[C++] 

^include <iostreani> 

using namespace std; 

int main(int arge, const char* argv[]) { 
cout << ’’Hello World” << endl; 

} 

[Java] 

public class Main { 

public static void main(String [] argv) { 

System. out.println ("Hello World”); 

} 

} 

The first line of Ada we see is the with clause, declaring that the unit (in this case, the Main subprogram) will 
require the services of the package Ada.TextJO. Tliis is different from how #include works in C++ in that it docs 
not, in a logical sense, copy/pastc the code of Ada.TextJO into Main. The with clause directs the compiler to 
make the public interface of the Ada.TextJO package visible to code in the unit (here Main) containing the with 
clause. Note that this construct does not have a direct analog in Java, where the entire CLASSPATH is always 
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accessible. Also, the name '*Muin” for ihc main suhpiY>i;r»in was chosen lor coiisisleiicy wllh tv* * anil Java Myli; 
but in Ada the name can be whatever ihe pix^grammer chooses, 

The use clause is the equivalent of using iiumespnce in Ctf i or iiupnri In Java (ihongh i( wasn i neccjtsiny lo 
import in the Java example alxwe). ll allows you to omil Ihe lull |)ac|vage name when lelertinp, (o withcd nnii^, 
Without the use clause, any reference io AdaJhxtJO items would Imvc had (o he lully (|nalilicd wllh ihc packijj;c 
name. Tlie PutJUne line would then have read: 

Ada,Text_IO.Put_Line (MleXlo WoricV); 

The w'ord ‘‘package” has different meanings in Ada and Java. In Java, a package Is used as a namespace lor classes, 
In Ada, it's often a compilation unit. As a result Ada tends lo have many more packages (han Java, Ada package 
specifications (“package specs” for short) have the following sirucluie; 

package Package_Name is 

— public declarations 

private 

— private declarations 
end Package_Name; 

The implementation in a package body (written in a aidh file) has the structure: 
package body Package_Name is 


— in^plerr.enrat ion 


end Package_Name; 

The private reserv'cd word is used to mark the start of the private portion of a package spec. Ity st)lil(ing (he 
package spec into private and public parts, it is possible to make an cnlity available for use while hiding its 
implementation. For instance, a common use is declaring a record (Ada's struct) whose (icids arc t)nly visible (o 
its package and not lo the caller This allows the caller to refer lo objects of that type, but not lo change any ol its 
contents directly. 

The package body contains implementation code, and is only accessible to outside code through declarations in 
the package spec. 

An entity declared in the private part of a package in Ada is roughly equivalent to a protected member of a C-H- or 
Java class. An entity declared in the body ol an Ada package is roughly equivalent to a private member of a C++ 
or Java class. 
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CHAPTER 

FOUR 


STATEMENTS, DECLARATIONS, AND 

CONTROL STRUCTURES 


4.1 Statements and Declarations 

The following code samples are all equivalent, and illustrate the use of comments and working with integer 
variables: 

[Ada] 


Ada program to declare and modify Integers 

procedure Main is 

Variable declarations 
A, B : Integer 0; 

C : Integer 100; 

D ; Integer; 

begin 

— Ada uses a regular assignment statement for incrementation. 
A := A 1; 

Regular addition 
D := A + B ^ C; 
end Main; 

[C-H-J 

/ * 

* C'h-i- program to declare and modify ints 
*/ 

int main(int arge, const char* argv[]) { 

// Variable declarations 
int a = 0, b 0, c =* 100/ d; 

// shorthand for incrementation 

a++; 

// Regular addition 
d == a + b + c; 


[Java] 

/ * 

* Java program to declare and modify ints 
*/ 

public class Main { 
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public static void main (String f] argv) ( 
,•" /' \''j ri Jh 1dcc2 .irjt ^ 

int a “ 0, b » 0, c - iOO, d; 

// Jav'j s.'icrtJiand for incromfdtat. ion 

a f -f- ; 


// . I\ og u2 (\ r a M i t i o /j 
d “ a + b + c; 


,, , , In Adii blocks of code lire siirroiindcd by ibt 

Stalcmenis arc teniiinatcd by semicolons in all t tree ant ^ ^ j ,| ,„u|(i.|inc and slnglcdinc cornmeni 

reserved words beRln and end ra.her than by curly braces. ^ ” 

styles in the C++ and Java code, and only single-line comments m the Ada code. 

. . »><iti<*d the tlcclarativi’ part, seen here Iwforc the 

Ada requires variable declarations to be made in a ^ ‘ j ‘ „pp„scd to .sliirling with tbc type as in 

begin keyword. Variable declarations start with ^ is different us well; if. Ada an 

fnLlilon cxp,.ssion can apply .o maUipIc >-arial.lc., (bu, wiin« cvalpalcd 

C++ and Java each variable is initialized individually. In all three languages, • J ' ‘ ' ‘ " 

and that function returns dilTercnt values on every invcKation. each variable will gel imlializcd to a (if crent id;r 

Let's move on to the imperative .statements. Ada does not provide ++ or — shorthand expressions for inev 
mcnt/dccremcnt operations; it is necessary to use a full assignment slalemenl. The := symbol is used in Adi o 
perform value assignment. Unlike C++'s and Java's = .symbol. := can not be used as part of an expression So 
statement like A := B := C; doesn't make sense to an Ada compiler, and neither docs a clau.se like "If 4 ;= /J ftio 
...” Both arc compile-llmc cm^rs. 

You can nesi a block of code within an outer block if you want to create an inner scope: 
with .^da.Text_IO; use Ada.Text_IO; 


procedure Main is 
begin 

Put__Line ("Before the inner block"); 


declare 

Alpha ; Integer :« 0; 
begin 

Alpha : *» Alpha -f 1; 

Put_Line ("How inside the inner block"); 
end; 


Put_Line ("After the inner block"); 
end Main; 


II IS OK to have an cipply dcclaralive pan or to omit the declarative part enlliely-iusi mart Ihe inner bltK-k willl 
bcein If you Inlvc no deelarattons to make. However it is not OK to have an empty sequence of slnlemenls. 
You mast at least provide a nulh slalemenl. which does nothitlg and indicates lltal Ihe oh,Lion of slaicnntnis is 


4.2 Conditions 

The use of the if statement: 
[Adal 

if Variable > 0 then 
Put_Line (" > 0 "); 
elsif Variable < 0 then 

■;- 8 ~ 
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Put^Line (" < 0 "); 
else 

Put_Line (” = 0 ”); 
end if; 

IC++] 

if (Variable > 0) 

cout << " > 0 " << endl; 
else if (Variable < 0) 

cout << " < 0 " « endl; 

else 

cout << ” - 0 ” « endl; 

[Java] 

if (Variable > 0) 

System.out .printIn (’’ > 0 ”); 
else if (Variable < 0) 

System.out.println (" < 0 "); 

else 

System.out.println (" =0 ”); 

In Ada, everything that appears between the if and then keywords is the conditional expression—no parentheses 
required. Comparison operators are the same, except for equality (=) and inequality (/=). The english words not, 
and, and or replace the symbols !, &, and I, respectively, for performing boolean operations. 

It s more customary to use && and il in C-H- and Java than & and I when writing boolean expressions. Tlie 
diflerence is that && and II are short-circuit operators, which evaluate terms only as necessary, and & and I will 
unconditionally evaluate all terms. In Ada, and and or will evaluate all terms; and then and or else direct the 
compiler to employ short circuit evaluation. 

Here are what switch/case statements look like: 

[Ada] 

case Variable is 
when 0 => 

Put_Line ("Zero”); 
when 1 .. 9 => 

Put_Line ("Positive Digit"); 
when 10 I 12 I 14 I 16 I 18 -> 

Put_Line ("Even Number between 10 and 18"); 
when others => 

Put_Line ("Something else"); 
end case; 

[C-H-] 

switch (Variable) { 
case 0: 

cout << "Zero" << endl; 

break; 

case 1: case 2: case 3: case 4: case 5; 
case 6: case 7; case 8: case 9: 

cout << "Positive Digit" << endl; 
break; 

case 10: case 12: case 14: case 16: case 18: 

cout << "Even Number between 10 and 18" << endl; 

break; 
default: 











gwitch (Variable) f 

case 0 : ("Zca-o"); 

Syst.ont. oLii . pr i n.. 

system.out.prlf'tlii ( ioji 

broaK; . * case iSi 

ca- lO: cao ^ 2 : -sc 

SyDtem.out .pri nt Ir 

break; 

' . .. I i„ cnteincnl. and each case sfarls vAih wh«n, 

,„ Ada. ,hc case and end ease lines enra-und'-hen. 
nrooramminE in Ada. replace switch wilh case, and replace ca.se wu 

programm g I ^ riniecers or enumcralion types), afxl mfwts all f//ssihte 

Case siatemenls in Ada require the use of discre c ^1^' handled, or if duplicate cases 

cases to be covered by »hen slnKmenB. irnol nll Ihe enses nre hnndle JL Jhen'rd'l, 


[mip'MU 


programming ... rvuu. .v,....... enumeration types), ami rerfuirs all 

Case siatemenls in Ada require the use of discrete ly[w.s (m cg^ jf j,|j alicatc cases exist, the 

eases to be covered by when slntemenls. If not n t ^ ‘ u.jng when rdher. w> in Ada. 

will not compile. The defanll case, dcrnull: in C and .nva, can b. spectlieo i, 

. will never fall through to subsequent cates. In 

In Ada. the break instruction is implicit and values using I which neatly replaces 

order to combine cases, you can specify ranges using.. and enumerate uisjoini 

♦Kd. tvsifirinir* rncp cfntenit^nts seen in Ihc C++ and Java versions. 


I 


4.3 Loops 


in Ada. ItKtps always start with the loop reserved word and end wilh end loop. To leave Ibe J>^ 

C«- and Java ciiuivalcnt being break. This slalemcnt can specify a icrminnling condllirm using tin. enil hen 
syntax. The loop opening the block can be preceded by a while or a for. 

The while loop is the simplest one. and is very similar across all three languagc.s: 

[Ada! 


while Variable < 10_000 loop 
Variable : * Variable ♦ 2; 
ond loop; 


1C-H-] 

while (Variable < 10000) { 

Variable « Variable ♦ 2; 

) 


[Java] 

while (Variable < 10000) { 

Variable = Variable ♦ 2; 

} 



Ada s for loop, however, is quite different from that in C++ and Java. It always increment.s or dccremcni.s a hxip 
index within a discrete range. The loop index (or “loop pantntclcr" in Ada parlance) is liwal to ihc scope ol the 

dSdv »> ‘hnl' ilemlion of the loop .slaccmcnls; the FognaiP cannt/1 

or loop parameter is derived from the range. The range is always given 
Lnd t^imte™ H I" "o^oo-liog order. If the starting bound i, grcaler Iton the entling 

in dccreasinn order i.seX'^r'^ ° ‘llo '“oP contents will not be cxcculed. To specify a loop ilcratitm 

decrensmg order, use the reverse reserved word. Here are examples of loops going in both dir^irm.; 

[Ada] 
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-r* Outputs 0 , 1 , 2 , 9 

for Variable in 0 .. 9 loop 

Put_Line {Integer'Image (Variable)); 

end loop; 

-- Outputs 9, S, 7, 0 

for Variable in reverse 0 .. 9 loop 
Put_Line (Integer'Image (Variable)) ; 

end loop; 

[C-H-] 

// Outputs 0, 1, 2, 9 

for (int Variable = 0; Variable <= 9; Variable^ i-) { 
cout << Variable << endl; 

) 

// Outputs 9, Q, 10 

for (int Variable » 9; Variable >=0; Variable—) { 
cout << Variable << endl; 

} 

[Java] 

// Outputs 0, I, 2, 9 

for {int Variable - 0; Variable <= 9; Variable-^^) { 
System.out.println (Variable); 

} 

// Outputs 9, S, 7, 0 

for (int Variable = 9; Variable >= 0; Variable —) { 
System.out.println (Variable) ; 

} 


Ada uses the Integer type’s ^linage altribule to convert a numerical value to a String. There is no implicit conver¬ 
sion between Integer and String as there is in C-H- and Java. We’ll have a more in-depth look at such attributes 
later on. 

It’s easy to express iteration over the contents of a container (for instance, an array, a list, or a map) in Ada and 
Java. For example, assuming that IntJList is defined as an array of Integer values, you can use: 

[Ada] 

for I of Int_List loop 

Put_Line (Integer'Image (I)); 
end loop; 

[Java] 

for (int i : Int_List) { 

System.out.println (i); 

} 




4.3. Loops 
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CHAPTER 


FIVE 


TYPE SYSTEM 


5.1 Strong Typing 

One of the main characteristics of Ada is its strong typing (i.c.» relative absence of implicit type conversions). 
This may take some getting used to. For example, you can’t divide an integer by a float. You need to pertomi 
the division operation using values of the same type, so one value must be explicitly converted to match the type 
of the other (in this case the more likely conversion is from integer to float). Ada is designed to guarantee that 
what's done by the program is what's meant by the programmer, leaving as little room for compiler inlerprelalion 
as possible. Let's have a look at the following example: 

[Ada] 

procedure Strong_Typing is 

Alpha : Integer 1; 

Beta : Integer 10; 

Result : Float; 

begin 

Result Float (Alpha) / Float (Beta); 
end Strong_Typing; 


[C++] 

void wea)cTyping (void) { 
int alpha « 1; 
int beta - 10; 
float result; 

result “ alpha / beta; 

} 

[Java] 

void weakTyping 0 { 

int alpha = 1; 
int beta « 10; 
float result; 


result ^ alpha / beta; 


- 


Arc the three programs above equivalent? It may seem like Ada is just adding extra complexity by forcing 
you to make the conversion from Integer to Float explicit. In fact it significantly changes the behavior of the 
computation. While the Ada code performs a floating point operation 1.0 / 10.0 and stores O.l in Result, the 
C-hf and Java versions instead store 0.0 in result. This is because the C++ and Java versions perform an integer 
operation between two integer variables: 1 /10 is 0. Tlie result of the integer division is then converted to ti float 
and stored. Errors of this sort can be very hard to locate in complex pieces of code, and systematic specification 
of how the operation should be interpreted helps to avoid this class of errors. If an integer division was actually 
intended in the Ada case, it is still necessary to explicitly convert the final result to Float: 
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f'ctt nrw .j;j ^ 

Rooult. j-» rio.Mt. (Alphri / hfi’nM 


III Alla, a lldalinii polni lilenil iiiu^l he wfillCM will) la»lh ))i) p a 

limiting point value, while 10.0 In. 


10 noi a valid liteial (bi a 


5.2 Language>Deflned Types 


The principill Nc;iliir lypcft pralclined l»y Aihi luc liilr^yr, 
Hont. bnol/lioolciiii, and char, ic!»|H:c(ivcly. 'Mic naiiifh 
idciitillers. 


Hoiii, lUinlcm, and Cluinii wr. 'I'liese c<>rrc!>|H)nd (o liit, 
(or iheoe ly|>ch ate iioi reserved words; (liey are regular 


5.3 Application-Defined Types 


Ada’s type syslein encourages prograiiitners lo lliink about data at a liigli level o( abstraclioii. Hie coinpder will 
at times output a simple elliclenl machine insliuclion lor a lull line oC Miurcc code (and some itisiruclions can Iw 
climinateil entirely). 'I’lie curerni prognunmer's coiiL'crn (hut ilic o|)cnilion reiilly makes sense in the real world 
would be salislied, and so would the progiannncr's concern al)onl pcrlorinance, 


The next example below delincs two diircreni metrics; area and distance. Mixing these two metrics must be 
done witli great care, as certain operations do not make sense, like adding an area lo a distance. Olliers require 
knowledge of the expected .semantics; for cxam|)le, multiplying two distances, 'lb help avoid errors, Ada requires 
that each of the binary operators “4**. and *7’* lor integer and lloaling-point lype.s take operands of the 

same type and return a value of that type. 

procoduro Main is 

typo Diatrincu now Float; 
typo Aron !• now Float/ 


D1 ; Diotanco ; 2.0; 

D2 : Diatnncf? '1.0; 
A : Area; 

begin 

Dl D1 ^ D2; 

D1 ; DI k A; 

A :* Dl -r D2; 

A Aron (Dl * r;2); 

end Main; 


- OK 

- tIO T OK: in t. i h J o 

fK)T OK ; incowfj.it Jijitf 

'■ OK 


tyiJiis toi **f ” opomtoi 
typoo iotr aaciqnmont 


Kven (hough the Distance and Area types above are just Floats, the compiler does not allow arbitrary mixing of 
values of these different types, An explicit conversion (which does not necessarily mean any additional object 
code) is necessary. 

I he predefined Ada rules are not perfect; they admit some problematic ea.ses (for example multiplying two Dis¬ 
tances yields a Distance) and prohibit .some useful eases (for example multiplying two Distances should deliver 
an Area). 'Hiese situations can be handled through other mechanisms. A predefined operation can be identified as 
abstract lo make it unavailable; overloading can be used lo give new interpretations to existing operator symbols, 
for example allowing an operator lo return a value from a type different from its operands; and more generally. 
Ada 2012 lias introduced a facility that helps perform dimensionality cheeking. 

Ada enumerations work similarly lo C++ and Java’s enutm. 

[Ada] 

typa Day is 

(Monday, 

Tuesday/ 

Wednesday/ 

Thuraday, 
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Friday, 
Saturday, 
Sunday); 

IC++1 

enum Day { 
Monday, 
Tuesday, 
Wednesday, 
Thursday, 
Friday, 
Saturday, 
Sunday); 


(Java) 


enum Day I 
Monday, 
Tuesday, 
Wednesday, 
Thursday, 
Friday, 
Saturday, 
Sunday}; 


But even though such cnunicnitions nuiy he irnplcincnicd using a machine word, at the language level Ada will 
not confuse the fact that Monday is a Day and is not an Intef^er. You cun compare a Day willi another Day, though. 
To specify implementation details like the numerie values that correspond with enumeration values in C++ you 
include them in the original eniiin statement: 


IC++] 


enum Day ( 

Monday - 10, 

Tuesday « H, 

Wednesday * 12, 

Thursday * 13, 

Friday * 14, 

Saturday « 15, 

Sunday * 16); 

But in Ada you must use both a type definition for Day as well as a separate representation clause for it like: 
[Ada] 

for Day use 

(Monday =*> 10/ 

Tuesday =*> 11/ 

Wednesday •*> 12/ 

Thursday *> 13/ 

Friday *> 14/ 

Saturday =“> 15/ 

Sunday *> 16); 


5.4 Type Ranges 

Contracts can be associated with types and variables, to refine values and define what are considered valid values. 
The most common kind of contract is a range consiralni introduced with the range reserved word, for example: 

procedure Main is 

type Grade is range 0 .. 100; 

5.4. Type Ranges 
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Gl, G2 : Grade; 

N : Integer; 

begin 

G1 := 80; 

G1 := N; 

G1 Grade (N); 

G2 := G1 -H 10; 

G1 := (G1 + G2)/2; 
end Main; 

In the above example. Grade is a new integer type associated with a range check. Range checks are dynamic and 
are meant to enforce the property that no object of the given type can have a va ue outsi e ic .speci le range. 
In this example, the first assignment to GI is correct and will not raise a run-time exceprion. ssigning to Gl 
is illegal since Grade is a different type than Integer. Converting N to Grade makes the assignment legal, and a 
range check on the conversion confirms that the value is within 0 .. 100. Assigning Gl+IO to G is egal since + 
for Grade returns a Grade (note that the literal 10 is interpreted as a Grade value in this context), and again there 
is a range check. 

The final assignment illustrates an interesting but subtle point. The subexpression Gl -I- G2 may be outside the 
range of Grade^ but the final result will be in range. Nevertheless, depending on the representation chosen for 
Grade, the addition may overflow. If the compiler represents Grade values as signed 8-bit integers (i.e., machine 
numbers in the range -128 .. 127) then the sum C/+C2 may exceed 127, resulting in an integer overflow. To 
prevent this, you can use explicit conversions and perform the computation in a sufficiently large integer type, for 
example: 

Gl := Grade (Integer (Gl) + Integer (G2)) / 2); 

Range checks are useful for detecting errors as early as possible. However, there may be some impact on per¬ 
formance. Modem compilers do know how to remove redundant checks, and you can deactivate these checks 
altogether if you have sufficient confidence that your code will function correctly. 

Types can be derived from the representation of any other type. The new derived type can be associated with new 
constraints and operations. Going back to the Day example, one can write: 

type Business_Day is new Day range Monday .. Friday; 
type Weekend_Day is new Day range Saturday .. Sunday; 

Since these are new types, implicit conversions arc not allowed. In this case, it’s more natural to create a new set 
of constraints for the same type, instead of making completely new ones. This is the idea behind ‘subtypes’ in 
Ada. A subtype is a type with optional additional constraints. For example; 

subtype Business_Day is Day range Monday .. Friday; 
subtype Weekend_Day is Day range Saturday .. Sunday; 
subtype Dice_Throw is Integer range 1 .. 6; 

These declarations don’t create new types, just new names for constrained ranges of their base types. 


— Initialization o£ it 

— OK 

-- Illegal ("type mismatch) 

— Legal, run-time range check 

— Legal, run-time range check 

— Legal, run-time range check 


5.5 Generalized Type Contracts: Subtype Predicates 

Range checks arc a special form of type contracts- a more oen^rni i • 

introduced in Ada 2012. A subtype predicate is a boolcan^exnres.2n*di‘" 

given type or subtype. For example, the Dice Throw subtype shown abtw required for J 

ype. own above can be defined in the following way: 

subtype Dice_Throw is Integer 

with Dynamic_Predicate => Dice_Throw in 1 


6 ; 


The clause beginning with with introduces an Ada^aspcct’ which is M.,. ^ ■ c 

entities such as types and subtypes. The Dynamic Pr^icate asn^.M i .T; 'nP»rmation provided for dcclaw 

icaie aspect is the most general form. Within the prcdicau 
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expression, the name of the (sub)lypc refers lo the current value of the (sub)iype. The predicate is checked on 
assignment, parameter passing, and in several other contexts. 

There is a difference between static and dynamic predicates. Static predicates are evaluated at compile time, and 
dynamic predicates arc evaluated at run lime. A sialic predicate is either a static expression, or a comparison 
between a reference lo a value of the type and a static expression. If the predicate is dynamic, it needs to be 
specified with a Dynamic ^Predicate. Flere are examples of sialic and dynamic predicates: 

Zero : Integer :*= 0; 

type Not_Mull_l is new Integer 

with Static^Predicate =»> Not_Null_l /- 0/ 

type Not_Null_2 is new Integer 

with Dynainic_Predicate «> Not_Null_2 ^ I 1; 

type Not_Null_3 is new Integer 

with Dynainic_Predicate -> Not_Null_3 /« Zero; 

In the above case, NotJNullJl is not a comparison between a simple value of the object and a static expression, 
so it has to be dynamic. Not_Null_3 is a comparison with a variable, which may be changed at any point of the 
program, thus it needs to be dynamic as well. Here, it’s possible to re-organize the dynamic predicate lo obtain a 
static one, but there are cases where predicates arc dynamic by nature, for example: 

type Even is new Integer 

with Dynamic^Predicate »> Even mod 2 = 0; 


5.6 Attributes 

Allribules start with a single apostrophe (“lick’'), and they allow you lo query properties of, and perform certain 
actions on, declared entities such as types, objects, and subprograms. For example, you can determine the first 
and last bounds of scalar types, get the sizes of objects and types, and convert values to and from strings. This 
section provides an overview of how attributes work. For more information on the many attributes defined by the 
language, you can refer directly lo the Ada Language Reference Manual. 

The * Image and 'Value allribules allow you to transform a scalar value into a String and vice-versa. For example: 
declare 

A ; Integer 99; 

begin 

Put_Line { Integer'Image (A)); 

A Integer'Value ("99"); 

end; 

Certain allribules arc provided only for certain kinds of lypes. For example, ihe "Val and 'Pos allribules for an 
cnumcralion lype associales a discrclc value wilh ils posilion among ils peers. One circuitous way of moving to 
ihe ncxl characlcr of Ihc ASCII labic is: 

[Ada] 

declare 

C : Character 'a'; 

begin 

C Character'Val (Character'Pos (C) + 1); 

end; 

A more concise way lo get the next value in Ada is to use the 'Succ attribute: 
declare 

C : Character 'a'; 

begin 
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C Character^Succ (C) ; 
end; 

You can get the previous value using the 'Pred allributc. Here is the cquivaicnl in C+H- and Java: 

[ C ++1 

char c = 'a'; 

C+-+; 

[Java] 

char c = 'a' ; 

C-^1-; 

Other interesting examples are the 'First and 'Lxtst attributes which, respectively, return the first and last values of 
a scalar type. Using 32-bit integers, for instance. Integer'First returns -2^* and Integer'Last returns 2^' -1. 


5.7 Arrays and Strings 

C-f+ arrays are pointers with offsets, but the same is not the case for Ada and Java. Arrays in the latter two 
languages are not interchangable with operations on pointers, and array types are considered first-class citizens 
in the languages. Arrays in Ada have dedicated semantics such as the availability of the array’s boundaries at 
run-time. Therefore, unhandled array overflows arc impossible unless checks are suppressed. Any discrete type 
can serve as an array index, and you can specify both the starting and ending bounds—the lower bound doesn’t 
necessarily have to be 0. Most of the time, array types need to be explicitly declared prior to the declaration of an 
object of that array type. 

Here’s an example of declaring an array of 26 characters, initializing the values from ‘a’ to ‘z’: 

[Ada] 

declare 

type Arr_Type is array (Integer range <>) of Character; 

Arr ; Arr_Type (1 26); 

C : Character := 'a'; 
begin 

for I in Arr'Range loop 
Arr (I) := C; 

C := Character'Succ (C); 
end loop; 
end; 

[C++] 

char Arr [26]; 
char C « ' a' ; 

for (int 1=0; I < 26; ++I) { 

Arr [I] = C; 

C - C + 1; 


[Java] 

char [] Arr = new char [26]; 
char C = 'a'; 

for (int 1 = 0; I < Arr.length; + ( 

Arr [I] = C; 

C = C 4- 1; 


] 
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In C++ and Java, only the si/c ol* ihc array is given during dcclanilion. In Ada, array index ranges are specified 
using two values of a discrete type. In this example, the array type declaration specifies the use of Integer as the 
index type, but does not provide any constraints (use o, pn)nouiK*ed ‘box', to specify “no constraints”). The 
constraints are defined in the object declaration to be 1 to 26. inclusive. Arrays have an attribute called *Ran^e. 
In our example. Arr'Ranine can also be expressed as Arr*First .. Arr*Last\ both expressions will re.solve to 7 .. 
26. So the 'Range attribute supplies the bounds for our for kH)p. There is no risk of staling either of the bounds 
incorrectly, as one might do in C++ where “I <= 26“ may be specified as the end-of-Ioop condition. 

As in C++, Ada Strings are arrays of Characters, Tlie C++ or Java String class is the equivalent of the Ada type 
Ada.Strings.UuboundedJString which offers additional capabilities in exchange for some overhead. Ada strings, 
importantly, are not delimited with the special cliaracter *\()' like they arc in C++. It is not necessary because Ada 
uses the array's bounds to detennine where the siring starts and slops. 

Ada's predefined String type is very straighforward to use: 

My_String : String (1 .. 26) ; 


Unlike C++ and Java, Ada does not offer escape sequences such as *\n'. Instead, explicit values from the ASCII 
package must be concatenated (via the concatenation operator, &). Here for example, is how to initialize a line of 
text ending with a new line: 

My_String : String := “Tliis is a line with a end of line" & ASCII.LF; 

You see here that no constraints arc necessary for this variable definition. The initial value given allows the 
automatic determination o[ My ^String's bounds. 

Ada offers high-level operations for copying, slicing, and assigning values to arrays. We’ll start with assignment. 
In C++ or Java, the assignment operator doesn’t make a copy of the value of an array, but only copies the address 
or reference to the target variable. In Ada, the actual array contents are duplicated. To get the above behavior, 
actual pointer types would have to be defined and used. 

[Ada] 

declare 

type Arr_Type is array (Integer range <>) of Integer 
A1 : Arr_Type (1 .. 2); 

A2 : Arr_Type (1 .. 2); 

begin 

A1 (1) => 0; 

A1 (2) - 1; 

A2 :» Al; 

end; 

IC++] 

int Al [2]; 

int A2 [2]; 

Al [0] - 0/ 

Al [1] * 1; 

for (int i “ 0; i < 2; + + i) { 

A2 [i] - Al [i]/ 

} 

[Java] 

int [1 Al = new int [2]; 
int [ ] A2 =» new int [ 2 ]; 

Al [01 * 0; 

Al (11 - 1; 

A2 « Arrays.copyOf(Al, Al.length); 
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In all of ihc examples above, ihe source and destination arrays must have precisely the same number of elements, 
Ada allows you to easily specify a portion, or slice, of an array. So you can write 11 . c 

[Ada] 


declare 

type Arr_Type is array (Integer range <>) of Integer 
A1 ; Arr_Type (1 .. 10); 

A2 : Arr_Type (1 .. 5); 


begin 

A2 (1 . . 3) := A1 (4 . . 6); 


end; 


1 . e Ai iVir* let 9nd and 3rd elements of A2. Note that only the 

This assigns the 4th, 5th, and 6th elements ot Al into the 1st, , 

length matters here; the values of the indexes don’t have to be equal, they s i e au 

Ada also offers high level eomparisoo operalions whieh compare Ihe contenrs of arrays as opposed to Iheir ad- 

dresses: 


[Ada] 


declare 

type Arr_Type is array (Integer range <>) of Integer; 
A1 : Arr_Type (1 .. 2) ; 

A2 ; Arr_Type (1 .. 2) ; 
begin 

if A1 = A2 then 


[C++] 

int A1 [2]; 
int A2 [2]; 

bool eq = true; 

for (int i = 0; i < 2; -»* + i) { 
if (A1 [i] != A2 [i]) { 

eq = false; 

} 

} 


if (eq) { 

[Java] 

int (] A1 = new int [2]; 
int [1 A2 = new int [2]; 

if (Al. equals (A2)) { 

You can assign to all the elements of an array in each language in different ways. In Ada, the number of elements 
to assign can be determined by looking at the right-hand side, the left-hand side, or both sides of the assignment. 
When bounds are known on the left-hand side, it’s possible to use the others expression to define a default value 
for all the unspecified array elements. Therefore, you can write: 

declare 

type Arr_Type is array (Integer range <>) of Integer; 

Al : Arr_Type := (1/ 2, 3, 4, 5, 6, 1, Q, 9); 

A2 : Arr_Type (-2 .. 42) := (others => 0); 
begin 

Al := (1/ 2, 3, others => 10); 

— use a slice to assign A2 elements 11 .. 19 to 1 
A2 (11 .. 19) := (others => 1); 

end; 
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5.8 Heterogeneous Data Structures 

In Ada. tlicrc’s no distinction between struct and class a.s there is in C-H-. All heterogeneous data structures are 
records. Here are some simple records: 

[Ada] 

declare 

type R is record 
A, B ; Integer; 

C : Float; 
end record; 

V : R; 
begin 

V.A 0; 
end; 

|C++] 

struct R { 
int h, B; 
float C; 

}; 

R V; 

V.A - 0; 

[Java] 

class R ! 

public int A, B; 
public float C; 

} 

R V - new R () ; 

V.A = 0; 

Ada allows specification of default values for fields just like C++ and Java. The values specified can take the form 
of an ordered list of values, a named list of values, or an incomplete list followed by others => o to specify that 
fields not listed will take their default values. For example; 

type R is record 

A, B : Integer :* 0; 

C : Float 0.0; 
end record; 

VI : R «> (1, 2, 1.0) ; 

V2 : R => (A => 1, B “> 2, C =■> 1.0); 

V3 : R “> (C “> 1.0, A => 1, B => 2); 

V3 ; R => (C “> 1.0, others => <>); 


5.9 Pointers 

I 

I 

f 

i Pointers, references, and accc.ss types differ in significant ways across the languages that we are examining. In 

I C++, pointers are integral to a basic understanding of the language, from array manipulation to proper declaration 

I and use of function parameters. Java goes a step further: everything is a reference, except for primitive types like 

scalars. Ada’s design goes in the other direction: it makes more features available without requiring the explicit 
use of pointers. 

We’ll continue this section by explaining the difference between objects allocated on the stack and objects alio- 
cated on the heap using the following example: 
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lAiJul 

doclato 

typQ ia rocord 
A, B : Integer; 
ond rocord; 


VI, V2 : R; 
begin 

VI.A 0; 

V2 VI; 
V2.A 1; 

end; 


i 


IC-H-l 

Struct R { 
int A, D; 

I 

R VI, V2; 

VI.A " 0; 

V2 « VI; 

V2.A - 1; 

[Java] 

public class R i 
public int A, B; 

1 


R VI, V2; 

VI * new R (); 
VI.A « 0; 

V2 - VI; 

V2.A - 1; 


There’s a fundamental difference between the Ada and C++ semantics above and the semantics for Java. In Ada 
and C++, objects arc allocated on the stack and are directly accessed. VI and V2 are two different objects and the 
assignment statement copies the value of V! into V2. In Java. VI and V2 are two ‘references’ to objects of class 
R. Note that when VI and V2 are declared, no actual object of class R yet exists in memory: it has to be allocated 
later with the new allocator operator. After the assignment V2 = VI, there’s only one R object in memory: the 
assignment is a reference assignment, not a value assignment. At the end of the Java code, VI and V2 are two 

™ ?r.'rir “ <>f i” "■= ^ 

and ihc C-H- case VI and V2 are two distinct objects. 


To obtain similar behavior in Ada. you can use pointers. It can be done through Ada’s ‘access type’: 
[Ada] 


declare 

type R is record 
A, B ; Integer; 
end record; 

type R_Access is access R; 

VI : R_Access; 

V2 : R_Access; 
begin 

VI :» new R; 

VI.A :« 0; 

V2 VI; 

V2.A 1; 
end; 
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[C++1 

struct R ( 
int A, B; 

) 

R ' VI/ *■ V2; 

VI -= new R {); 

VI->A = 0; 

V2 = VI; 

V2->A 4 . 

For those coming from the Java world; there’s no garbage collector in Ada, so objects allocated by the new 
operator need to be expressly freed. 

Dereferencing is performed automatically in certain situations, for instance when it is clear that the type required 
is the dereferenced object rather than the pointer itself, or when accessing record members via a pointer. To 
explicitly dereference an access variable, append ,all. The equivalent of VI->A in C++ can be written either as 
VIA or VI.alLA. 

Pointers to scalar objects in Ada and C++ look like: 

[Ada] 

procedure Main is 

type A_Int is access Integer; 

Var : A__Int := new Integer; 
begin 

Var.all := 0; 
end Main; 

[C+-t] 

int main (int arge, char *argv[l) { 
int ★ Var =“ new int; 

^Var = 0; 

} 

An initializer can be specified with the allocation by appending '(value): 

Var : A_Int := new Integer'(0); 

When using Ada pointers to reference objects on the stack, the referenced objects must be declared as being 
aliased. This directs the compiler to implement the object using a memory region, rather than using registers or 
eliminating it entirely via optimization. The access type needs to be declared as either access all (if the referenced 
object needs to be assigned to) or access constant (if the referenced object is a constant). The 'Access attribute 
works like the C++ & operator to get a pointer to the object, but with a ‘‘scope accessibility” check to prevent 
references to objects that have gone out of scope. For example: 

[Ada] 

type A_Int is access all Integer; 

Var : aliased Integer; 

Ptr : A_Int Var'Access; 

[C++] 

int Var; 

int * Ptr “ &Var; 

To deallocate objects from the heap in Ada, it is necessary to use a deallocation subprogram that accepts a 
specific access type. A generic procedure is provided that can be customized to fit your needs it s called 
Ada.Unchecked^Deallocation, To create your customized deallocator (that is, to instantiate this generic), you 
must provide the object type as well as the access type as follows: 

[Ada] 
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with Ada . Unctf*cked_Dea.llC'cat icn; 
proceduco Ma^n is 

typ« InL€;g».‘r_Acce53 is sccssi all Tnteqoi; 

procadura froi? is now Ada .UnchocJced^.Doa Ilocat; ion ( fnt , 

: Iat.f-'9er_Acc*2 3 a :new 

bog in 

Free i My_Po1nter ); 
ond Main; 


r nt / 


IC++1 

int main (int argc, char •argvi]) ( 
int •' my^pointor now int; 
dolete my_poinier; 
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CHAPTER 

SIX 


FUNCTIONS AND PROCEDURES 


6.1 General Form 


Subroutines in C++ and Java are always expressed as functions (methods) wliich may or may not return a value. 
Ada explicitly differentiates between functions and procedures. Functions must return a value and procedures 
must not. Ada uses the more general tenn “subprogram” to refer to both functions and procedures. 

Parameters can be passed in three distinct modes: in, which is the default, is for input parameters, whose value is 
provided by the caller and cannot be changed by the subprogram, out is for output parameters, with no initial 
to be assigned by the subprogram and returned to the caller, in out is a parameter with an initial value provide 
by the caller, which can be modified by the subprogram and returned to the caller (more or less the equivalent of 
a non-constant reference in C++). Ada also provides access parameters, in effect an explicit pass-by-reference 
indicator. 

In Ada the programmer specifies how the parameter will be used and in general the compiler decides how it will 
be passed (i.e., by copy or by reference). (There are some exceptions to the “in general”. For example, parameters 
of scalar types are always passed by copy, for all three modes.) C++ has the programmer specify how to pass the 
parameter, and Java forces primitive type parameters to be passed by copy and all other parameters to be passed 
by reference. For this reason, a 1:1 mapping between Ada and Java isn’t obvious but here’s an attempt to show 

these differences: 

[Ada] 

procedure Proc 
(Varl : Integer; 

Var2 : out Integer; 

Var3 : in out Integer); 

function Func (Var : Integer); 

procedure Proc 
(Varl : Integer; 

Var2 : out Integer; 

Var3 : in out Integer) 
is 

begin 

Var2 := Func (Varl); 

Var3 := Var3 + 1; 
end Proc; 

function Func (Var : Integer) return Integer 
is 

begin 

return Var + 1; 
end Func; 

IC++] 
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void i*roc 
(int Varl, 
int .ii Var2, 
int v Var3); 

int Func (int Var); 

void Proc 
(int Vari, 
int i Var2, 
int S Vdr3) { 

Var2 * Func (Varl); 
Var3 * Var3 1; 


int Func (int Var) ( 
roturn V.ir 1; 

} 

{JavaI 

public class ProcOata ( 
public int Var2; 
public int Var3; 

public void Proc lint Varl) { 
Var2 Func iVarl) ; 

Var3 * VarJ - 1; 


int Func lint Var) i 
return Var - 1; 

I 

Tl>c firsi iwo dccbraiions for Pwe and Func arc spcciricati(3ns of llic subprograms which arc being provided later. 
Although optional here, it’s still considered gcxxl practice to separ;itely dehne specifications and implementations 
in order to make it easier to read the program. In Ada and C-H-. a function that has not yet been seen cannot be 
used. Here. Proc can call Func because its specification has been dcclarod. In Java, it’s fine to have the declaration 
of the subprogram later . 

Parameters in Ada subpnigram declarations arc .separated with semicolons, because commas are resersed for 
listing multiple parameters of the same type. Parameter declaration synia.x is the same as variable declaration 
syntax, including default values for parameters. If there are no parameters, the parentheses must be omitted 
entirely from both the declaration and invocation of the subprogram. 


6.2 Overloading 


Different subprograms may share the same name; this is called “overloading.” As long as the subprogram signa¬ 
tures (subprogram name, parameter types, and return types) are different, the compiler will be able to resolve the 
calls to the proper destinations. For example: 

function Value (Str : String) return Integer; 
function Value (Str : String) return Float; 

V ; Integer Value ("8”); 

The Ada compiler knows that an assignment to V requires an Integer. So, it chooses the Value function that returns 
an Integer to satisfy this requirement. 
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Operators in Ada can Iro treated as lunciions iw. This allows you to define local ofterators that override operators 
defined at an outer scope, and provide overloaded 0|K*rators that operate on and compare different types. To 
express an operator as a function, enclose it in i|uotes; 

[Ada! 

function (Lett : Day; Right : Integer) return Boolean; 

{C++] 

bool operator (Day Left, int Right); 


6.3 Subprogram Contracts 

You can express the expected inputs and outputs of subprograms by specifying subprogram contracts. The com¬ 
piler can then check for valid conditions to exist when a subprogram is called and can check that the return value 
makes sense. Ada allows defining contracts in the form of Pre and Post conditions; this facility was introduced in 
Ada 2012. llicy look like; 

function Divide (Left, Right : Float) return Float 
with Pre => Right 0.0, 

Post Divide'Result ♦ Right < Left + 0.0001 

and then Divide'Result * Right > Left - 0.0001; 

The above example adds a Pre condition, staling that >' cannot be equal to 0.0. While the IEEE floating point 
standard pennits divide-by-zcro. you may have determined that use of the result could still lead to issues in a 
particular application. Writing a contract helps to detect this as early as possible. Tliis declaration also provides a 
Post condition on the result. 

Postconditions can also be expressed relative to the value of the input: 

procedure Increment {V : in out Integer) 
with Pre V < Integer'Last, 

Post V " V'Cid 1; 

V'OM in the postcondition represents the value that V had before entering Increment. 


S-3. Subprogram Contracts 
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CHAPTER 

SEVEN 


PACKAGES 


7.1 Declaration Protection 

The package is the basic modularization unit of the Ada language, as is the class for Java and the header and 
implementation pair for C-H-. An Ada package contains three parts that, for GNAT, are separated into two files: 
.ads flies contain public and private Ada specifications, and .adb files contain the implementation, or Ada bodies. 

Java doesn’t provide any means to cleanly separate the specification of methods from their implementation: they 
all appear in the same file. You can use interfaces to emulate having separate specifications, but this requires the 
use of OOP techniques which is not always practical. 

Ada and C+4- do offer separation between specifications and implementations out of the box, independent of OOP. 

package Package_Nar:\e is 

-- public specifications 

private 

— private specifications 
end Package_Name; 

package body Package_Name is 

— inplerr.entation 
end Package__Name; 

Private types are useful for preventing the users of a package’s types from depending on the types’ implemen¬ 
tation details. The private keyword splits the package spec into “public” and “private” parts. That is somewhat 
analogous to C-H-’s partitioning of the class construct into different sections with different visibility properties. In 
Java, the encapsulation has to be done field by field, but in Ada the entire definition of a type can be hidden. For 
example: 

package Types is 

type Type_l is private; 
type Type_2 is private; 
type Type_3 is private; 
procedure P {X : Type_l); 

private 

procedure Q (Y : Type_l); 

type Type_l is new Integer range 1 .. 1000; 
type Type_2 is array (Integer range 1 .. 1000) of Integer; 
type Type_3 is record 
Af B : Integer; 
end record; 
end Types; 

Subprograms declared above the private separator (such as P) will be visible to the package user, and the ones 
below (such as Q) will not. The body of the package, the implementation, has access to both parts. 
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7.2 Hierarchical Packages 

Ada packages can be organized into hierarchies. A child unit can be declared in the lollo-viiig way. 

package r.ooc.Child is 

package spec goes tere 
end Root.Child; 

package body Root.Child is 

— package tody gees here 
end Root.ChiId; 

Here, Root.Child is a child package of Root. The public part of Root.Child has access to the public part oi R(Wt. 
The private part of Child has access to the private part of Root, which is one of the main a santages ^ ^ * 
packages. However, there is no visibility relationship between the two bodies. One common way to use l is 
capability is to define subsystems around a hierarchical naming scheme. 


7.3 Using Entities from Packages 

Entities declared in the visible part of a package specification can be made accessible using a with clause that 
references the package, which is similar to the C-f-H #include directive. Visibility is implicit in Java: you can 
always access all classes located in your CLASSPATH. After a with clause, entities needs to be prefixed by the 
name of their package, like a C++ namespace or a Java package. This prefix can be omitted if a use clause is 
employed, similar to a C++ using namespace or a Java import. 

(Ada) 

— pck.ads 

package Rck is 

My_Giob : Integer; 
end Fck; 

-- ralc.adb 

with Pek; 

procedure Main is 
begin 

Rck.My^Glob :* 0; 
end Main; 

ic++i 

— pck.h 

naiaespace pek { 

extern int myGlob; 

) 


— pck.cpp 

namespace pek { 
int rnyGlob; 

} 


— main.cpp 
4Include "pck.h*' 

int main (int arge, char argv) { 
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CHAPTER 

EIGHT 


CLASSES AND OBJECT ORIENTED 

PROGRAMMING 


8.1 Primitive Subprograms 


Primitive subprograms in Ada arc basically the subprograms that arc eligible for inheritance / derivation. They are 
the equivalent of C-H- member functions and Java instance methods. While in C++ and Java these subprograms 
arc located within the nested scope of the type, in Ada they are simply declared in the same scope as the type. 
There s no syntactic indication that a subprogram is a primitive of a type. 

The way to determine whether P is a primitive of a type 7 is if (1) it is declared in the same scope as 7, and (2) it 
contains at least one parameter of type 7, or returns a result of type 7. 

In C++ or Java, the self mference this is implicitly declared. It may need to be explicitly stated in certain situations, 
but usually it’s omitted. In Ada the self-reference, called the ‘controlling parameter’, must be explicitly specified 
in the subprogram parameter list. While it can be any parameter in the profile with any name, we’ll focus on the 
typical case where the first parameter is used as the ‘self’ parameter. Having the controlling parameter listed first 
also enables the use of OOP prefix notation which is convenient. 

A class in C++ or Java corresponds to a tagged type in Ada. Here’s an example of the declaration of an Ada 
tagged type with two parameters and some dispatching and non-dispatching primitives, with equivalent examples 
in C++ and Java: 

[Ada] 

type T is tagged record 
V, W : Integer? 
end record; 

type T__Access is access all T? 
function F (V : T) return Integer; 
procedure PI {V : access T); 
procedure P2 (V : T_Access); 

[C++] 

class T { 
public: 

int V, W; 

int F (void); 

void PI (void)? 

}; 


33 

cjcannea Dy uamcDcanner . , 













Ada lor Iho C++ orjJava Devo[oporj^R«lw«5c J ^ 


void P2 (T * V); 

(Java! 

public class T ( 

public int V, V/; 

public int F (void) (I; 

public void PI (void) (); 

public static void P2 (Tv) (|; 

Note lhal P2 is not a primitive of T —it does not have any parameters ol type 7»Its parameter is of type 7'^rmt, 
which is a differeiu type. 

Once declared, primitives can be called like any subprogram with every necessary parameter specified, or called 
using prefix notation. For example: 

[Ada] 

declare 
V : T; 
begin 
V.Pl; 
end; 

IC4-4.1 

{ 

T v; 

V.Pl 0; 

1 

[Java] 

{ 

T V « new T () ; 

V.Pl 0; 

1 


8.2 Derivation and Dynamic Dispatch 


Despite the syntactic differences, derivation in Ada is similar to derivation (inheritance) in C++ or Java. For 
example, here is a type hierarchy wlicrc a child class overrides a mctln)d and adds a new method; 

[Ada] 

type Root is tagged record 
FI ; Integer; 
end record; 


procedure Method_l (Self : F<oot); 


type Child is now Root with record 
r2 ; Integer; 
end Child; 

overriding 

procedure Method_l (Self i Child); 
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c1a«9 I 

pul' I if, ; 

I«t r 1 1 

wrturtl voivt ri>«!t tivvll ()J 


class Chiltt ; public Hoot | 
public : 

Int t2; 

virtual void {) } 

virtual void mothod2 {); 


public class Root { 
public int fl; 
public void mothodl (); 


public class Child extends Root { 
public int f2; 

@Override 

public void methodl (); 
public void method^ (); 


Like Java, Ada primilivcs on lagged lypcs are always subject lo dispatching; there is no need to mark diem virtuaJ, 
Also like Java, there’s an optional keyword overriding to ensure that a method is indeed overriding something 
from the parent type. 

Unlike many other OOP languages, Ada dilTereniialcs between a reference to a specific tagged type, and a ref¬ 
erence to an entire tagged type hierarchy. While Roo! is used to mean a specific type. RoorClass—z class-wide 
type—refers to cither That type or any of its descendants. A method using a parameter of such a type cannot be 
overridden, and must be passed a parameter w'hosc type is of any o{ Root s descendants (including Root itself). 

Nexl we'll take a kx)k at how each language finds the appropriate mcthcxl to call within an CX) class hicraichj; 
that is their dispatching rules. In Java, calls to non-private instance methods are alu-ays dispatching. The only 
case where static selection of an instance method is possible is when calling from a method to the super vcrsioo. 

In C++, by default, calls to virtual methods arc always dispatching. One common mistake is to use a by-copj 
parameter hoping that dispatching will reach the real object. For example: 

void proc (Root p) { 
p. methodl 0; 

} 


Root V new Child 0; 


proc {*v); 



1 TVicx t'all tn nroc makCS 3 COPV of ihC RoOt plTl of l\ SO UtSiifc 
in the above ccxle. p.methodl 0 w. 1 "ot dtsp^ch. T^e ^ to behavior may be sf«dned by 

proc, *p.mclh()dl'*‘() refers to the ♦method !♦() of the root oojcci, 

using a reference instead of a copy: 

void proc (Root S p) { 
p.methodl (); 

} 

Root V now Child O ; 
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proc (*v); 


In Ada. lagged types arc always passed by reference but dispaiching only occurs on 
ing Ada code is eijuivaicnl t(> tlie latter C++ example. 


class-wide types. 'I hc follow. 


declare 

procedure Proc (P * Root'Cia35i) is 
begin 

P.Method_l; 
end; 


type Root__Access is access all Root' 

V : Root_Access new Child; 
begin 

Proc (V.all); 
end; 

Dispaiching from within primilives can gel tricky. Let’s consider a call to Method^I in the implementation of 
MethodJl, The first implementation that might come to mind is: 

procedure Method_2 (P : Root) is 
begin 

P.Method_l; 
end; 


However, Method^! is called with a parameter that is of the definite type Root. More precisely, it is a definite view 
of a child. So, this call is not dispaiching; it will always call P of Root even if the object passed is a child of Root. 
To fix this, a view conversion is necessary: 

procedure Method_2 {P : Root) is 
begin 

Root'Class (P).Method_l; 
end; 


This is called “redispalching.” Be careful, because this is the most common mistake made in Ada when using 
OOP. In addition, it s possible to convert from a class wide view to a definite view, and to select a given primitive, 
like in C-H-: 

[Ada] 

procedure Proc (P : Root'Class) is 
begin 

Root (P).Method_l; 
end; 


[C++] 

void proc (Root & p) { 
p.Root;imethodl (); 

} 


8.3 Constructors and Destructors 


''T'; “r “I “-y “S C.W ami Java, ta Ihcn: is anala£Oas 

functionality in Ada in the form of default initialization and finalization. 


Default initialization may be specified for a record component and will 
assigned a value at initialization. For example: 


occur if a variable of the record type is not 


type T is tagged record 

F : Integer Compute_Default_P; 
end record; 
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function Conpiirc'_Oe Lault return Integer is 
begin 

Put_Li ne ( ” Coruputi? ” ) / 
return 0; 

end Computc^Default_F; 

VI : T; 

V2 : T (V => 0) ; 

In Ihe declaration of VI, TF receives a value computed by the subprogram Compute ^Defaiilt^F, Tliis is pari of 
the default initialization. V2 is initialized manually and thus will not u.se the default initialization. 

For additional expressive power, Ada provides a type called Adn.Finalization.Controlled from which you can 
derive your own type. Tlien, by overriding the Initialize procedure you can create a constructor for ihe type; 

type T is new Ada.Finalization.Controlled with record 
F : Integer; 
end record; 

procedure Initialize (Self : in out T) is 
begin 

Put_Line (’’Compute") ; 

Self.F := 0; 
end Initialize; 


VI : T; 

V2 : T (V => 0) ; 



such as calling the parent’s initialization routines. 



to be automatically invoked for you. 



Controlled types also provide tunctior 
ation, and are useful for defining type 
reference count reclamation strategy). 


8.4 Encapsulation 


level for C++ and Java. Ada encapsulation occurs at the package level and targets all 
as opposed to only methods and attributes. For example: 


While done at the class le 
entities of the language, as 

[Ada] 


package Pek is 

type T is tagged private; 
procedure Methodl (V : T); 
private 

type T is tagged record 
FI, F2 ; Integer; 
end record; 

procedure Method2 (V : T); 
end Pek; 


IC++J 

class T ( 


public: 


virtual void methodl 0; 
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protected; 

int fl, f2; 

virtual void method2 (); 

}; 

[Java] 

public class T { 

public void methodl (); 
protected int fl, f2; 
protected void method2 {); 

} 

The C++ and Java code’s use of protected and the Ada code’s use of private here demonstrates how to map the 
concepts between languages. Indeed, the private part of an Ada child package would have visibility of the priva^ 
part of its parents, mimicking the notion of protected. Only entities declared in the package body are complet l 
isolated from access. ^ ^ 


8.5 Abstract Types and Interfaces 

Ada, C++ and Java all olTer similar functionality in terms of abstract classes, or pure virtual classes. It is necessar)’ 
in Ada and Java to explicitly specify whether a tagged type or class is abstract, whereas in C++ the presence of a 
pure virtual function implicitly makes the class an abstract base class. For example: 

[Ada] 

package P is 

type T is abstract tagged private; 

procedure Method (Self : T) is abstract; 
private 

type T is abstract tagged record 
F2 : Integer; 
end record; 

end P; 

IC++] 

class T { 
public: 

virtual void method () « 0; 
protected: 

int fl, f2; 

}; 

[Java] 

public abstract class T { 

public abstract void methodl () ; 
protected int fl, f2; 

All abstract methods must be implemented when implementing a concrete type based on an abstract type- 

Ada doesn’t offer multiple inheritance the way C++ does, but it does support a Java-like notion of interfa«s. 
interface is like a C++ pure virtual class with no attributes and only abstract members. While an Ada tagg^ > 
can inherit from at most one tagged type, it may implement multiple interfaces. For e.xamplc; 

lAda] 
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type Hoot is tagged record 
ri : Integer; 
end record; 

procedure Ml (Self : Root); 

type li is interface; 

procedure M2 (Self : li) is abstract; 

type 12 is interface; 

procedure M3 (Self : 12) is 2dD3tract; 

type Child is new Root and II and 12 with record 
F2 : Integer; 
end record; 

— i'll i/TTpi I cl c 1V 1 nhejrl ted Joy Cr 1 ^ d 
procedure M2 (Self : Child); 
procedure M3 (Self : Child); 

[C++] 

class Root { 
public: 

virtual void Ml(); 
int fl; 

}; 


class II { 
public: 

virtual void M2 () = 0; 


class 12 { 
public: 

virtual void M3 () ~ 0; 

}; 


class Child : public Root^ Ilf i 
public: 
int f2; 

virtual void M2 (); 
virtual void M3 (); 

}; 

[Java] 

public class Root { 
public void Ml(); 
public int fl; 

} 

public interface II { 

public void M2 0 =0; 

publiai^^asp^I2 { 

piiblic^wid M3 () ^ 0} 

} 

public class Child extends Root iii 5 )lements 11/ 12 ( 
public int f2; 
public void M2 () ; 
public void M3 0; 


8.5* Abstract Types and Interfaces 
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8.6 Invariants 


Aliy privaic type in Ada may be associated with a Typejnvonant contract. An invariant is a property of a type 
that must always be true after the return from of any of its pninitivc subprograms, ilje invariant might not f* 
maintained during (he execution of the primitive subprograms, but will be true after the return.; I^t s take tl..; 


following example; 

package Int_List__Pkg is 

type Int_List (Max_Length : Natural) is private 
with Type_Invariant =*> Is_Sorted {Int_List); 

function Is_Sorted (List : Int__List) return Boolean; 

type Int_Array is array (Positive range <>) of Integer; 

function To_Int_List (Ints : Int_Array) return Int__List; 

function To_Int_Array (List : Int_List) return Int__Array; 

function "i.” (Left, Right : Int_List) return Int_List; 


... — Other subprcgrar\s 

private 


type Int_List (Max_Length : Natural) is record 
Length : Natural; 

Data : Int_Array (1. .Max__Length) ; 
end record; 


function Is_Sorted (List : Int_List) return Boolean is 
(for all I in List .Data'First .. List. Length-1 =*> 

List.Data (I) <- List.Data (Ii-1)); 

end Int__List_Pkg; 

package body Int_List_Pkg is 

procedure Sort (Ints : in out Int_Array) is 
begin 

... Your favorite sorting algorithm 
end Sort; 

function To_Int_List (Ints : Int_Array) return Int_List is 
List : Int_List 
(Max_Length => Ints'Length, 

Length -> Ints'Length, 

Data => Ints); 

begin 

Sort (List.Data); 
return List; 
end To_Int_List; 

function To_Int_Array (List : Int_List) return Int Ar-av is 
begin " 

return List.Data; 
end To_Int_Array; 
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function i.«turn l« 

Intft ^ l(it..A»SJV I" V ni(jht .li.ii.ij 

bugin 

S^irt tlrivai; 

raturn Vo,^Int..(>l3t -IritOj 
and "i"; 

.'I tiki- 

and 

Tlw h,Si>rtf(i fin'CliiMi checks ituii llic ty|x’ Mays coiisisicnt. I( ssill K’ called at the exit o| eveiy priiiiilivc uIhivc. 
U is ponnissihlc il the c«)ixli)i<>iis ol ihe iinariaiK uien’i inel shinny csecuiioii nl the pnmliive. In lojntjist (or 
example, if the source array is nor in virtcsl otUcr. the invarianl ns III nor Iv sarishesl at the "Ivyin”, hut it svill Iv 
cliccked at the end. 
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CHAPTER 

NINE 


GENERICS 


Ada. C++, and Java all have support for generics c 
template can be applied to a class or a function. So 


a subprogram. 


or templates, but on different sets of language entities. A C++ 
3 can a Java generic. An Ada generic can be either a package or 


9.1 Generic Subprograms 

A feature that is similar across all three languages is the subprogram. To swap two objects: 


[Ada] 

generic 

typ® A_Type is private; 

procedure Swap (Left, Right : in out A_Type) is 
Temp : A_Type := Left; 
begin 

Left := Right; 

Right :== Temp; 
end Swap; 


[C++] 


template <class AType> 

AType swap (AType & left, AType & right) { 
AType temp = left; 
left = right; 
right = temp; 


[Java] 


public <.iVType> void swap (AType left, AType right) ( 
AType temp = left; 
left *= right; 
right = temp; 


And examples of using these: 

[Ada] 

<^eclare 

type R is record 

f'lf F2 : Integer; 

®nd record; 

procedure Swap_R is new Swap (R) ; 
A. B : R; 
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begin 

Swap_R (A, B); 

end; 

[C++1 

class R { 
public: 

int fl, f2; 

}; 

R a, b; 
swap (a, b); 

[Java] 

public class R { 

public int fl, f2; 

} 

R a new R () , b ^ new R {) ; 
swap (a, b); 

The C++ lemplatc and Java generic bolh become usable once defined. TTie Ada generic needs to be explicitly 
instantiated using a local name and the generic s parameters. 


9.2 Generic Packages 


Next we’re fioinc to create a generic unit containing data and subprograim. In Java or C++, this is done through 
a diriik in Ada. it’s a "eneric package’. The Ada and C++ model is fundamentally different from Jhe 
Java model. Indeed, upon instantiation. Ada and C++ generic data are duplicated; that is. if they contain globa 
variables (Ada) or static attributes (C++), each instance will have its own copy of the vanablc, properly typ^ and 
indenendent from the others. In Java, generics arc only a mechanism to have the compiler do consistency checks, 
but all instances arc actually sharing the same data where the generic parameters are replaced by javaJang.Object. 
Let’s look at the following example: 


[Ada] 

generic 

type T is private; 
package Gen is 

type C is tagged record 

V : T; 
end record; 

G ; Integer; 
end Gen; 


[C-H-1 

template <class T> 
class C{ 
public: 

T v; 

static int G; 

}; 

[Java] 

-------- Chapters. Generics 
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c 




public static int G; 


1 

M . 1 . I' KL's Jicfc’s an instance varial)le (v) and a static variable (C). Let’s now look at the behavior (and 

In illl * 

,ax) of those three instantiations: 


syilias) 
I Ada) 


declat® 

package 

package 

subtype 

package 

begin 

11. G 

12. G :* 

13. G 


11 is now Gen (Integer); 

12 is new Gen (Integer); 
StrlO is String (1..10); 

13 is new Gen (StrlO); 


0 ; 

1 ; 


end; 


[C++] 

C <int>; :G ” 0; 

C <int>;:G “ 1; 

C <char ♦>:;G ” 2; 


[Java] 

C.G = 0; 

C.G = 1; 

C.G = 2; 

In the Java case, we access the generic entity directly without using a parametric type. This is because there’s 
really only one instance of C, with each instance sharing the same global variable G. In C++, the instances are 
implicit, so it’s not possible to create two different instances with the same parameters. The first two assignments 
arc manipulating the same global while the third one is manipulating a different instance. In the Ada case, the 
three instances arc explicitly created, named, and referenced individually. 


9.3 Generic Parameters 


Ada offers a wide variety of generic parameters which is difficult to translate into other languages. The parameters 
used during instantiation—and as a consequence those on which the generic unit may rely on may varia es, 
types, or subprograms with certain properties. For example, the following provides a sort algorithm for any m 
of array: 


generic 

type Component is private; 
type Index is (<>); 

with function (Left, Right : Component) return Boolean; 

type Array__Type is array (Index range <>) of Component; 
procedure Sort (A : in out Array_Type); 



. A WJ IVOVI TWVi v#. ^ ... -- 

generic parameter and the beginning of the generic subprogram. 

Here is a non-exhaustive overview of the kind of constraints that can be pul on types, 
type 


T is private; 
'"yPe T «>) 


T is a constrained typtf/ such as Integer 
is private; — T can be an unconstrained type, such 


as String 


Generic Parameters 
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type T is tagged private; -** T is 3. tiiijgcd type 

type T is new T2 with private; -- T 2 S d:: exrr2 

type T is {<>); — : d disdiere type 

type T is range <>; -- T is an integer type 

type T is digits c>; — 7 is a floating point type 

type T is access T2; 7 is an access type, 72 is its designated type 
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CHAPTER 

TEN 


EXCEPTIONS 


Exceptions are a mechanism for dealing with run-time occurrences that arc rare, that usually correspond U, 
(such as improperly formed input data), and whose occurrence causes an unconditional transfer of cLtrol. 


10.1 standard Exceptions 


Compared with Java and C-H+. the notion of an Ada exception is very simple. An exception in Ada is an object 
whose type is exception, as opposed to classes in Java or any type in C++. The only piece of u.ser dau that 
can be associated with an Ada exception is a Siring. Basically, an exception in Ada can be raised, and it can be 
handled; information associated with an occurrence of an exception can be interrogated by a handler. 


Ada makes heavy use of exceptions especially for data consistency check failures at run time. These include but 
arc not limited to, checking against type ranges and array boundaries, null pointers, various kind of concurrency 

properties, and functions not returning a value. For example, the following piece of code will raise the exception 
ConstraintjErwr. ^ 


procedure P is 

V : Positive; 
begin 

V -1; 
end P; 


In the above code, we’re trying to assign a negative value to a variable that’s declared to be positive. The range 
check takes place during the assignment operation, and the failure raises the Constraint_Error excepUon at that 
point. (Note that the compiler may give a warning that the value is out of range, but the error is manifest as a 
nin-time exception.) Since there is no local handler, the exception is propagated to the caller; if P is the main 
procedure, then the program will be terminated. 

Java and C++ throw and catch exceptions when trying code. All Ada code is already implicitly within trv' blocks 
and exceptions are raised and handled. 

[Ada] 

begin 

Some_Call; 

®xception 

when Exception_l => 

Put_Line ("Error 1"); 
when Except ion_2 .=> 

Put_Line ("Error 2"); 
when others => 

end. ("Unknown error"); 

[C++] 
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try { 

someCall (); 

} catch (Exceptionl) { 

cout << "Error I" << endl; 

} catch (Exception2) { 

cout << "Error 2" << endl; 

} catch (. . ,) { 

cout << "Unknown error” << endl; 

} 

[Java] 
try { 

someCall (); 

} catch (Exceptionl el) { 

System,out.println ("Error 1"); 

} catch (Exception2 e2) { 

System.out.printIn ("Error 2"); 

} catch (Throwable e3) { 

System.out.printIn ("Unknown error"); 

} 

Raising and throwing exceptions while within an exception handler is permissible in all three languages. 


10.2 Custom Exceptions 

Custom exception declarations resemble object declarations, and they can be created in Ada using the exception 
keyword: 

My_Exception : exception; 

Your exceptions can then be raised using a raise statement, optionally accompanied by a message following the 
with reserved word: 

[Ada] 

raise My_Exception with "Some message"; 

[C++] 

throw My__Exception ("Some message"); 

[Java] 

throw new My_Exception ("Some message"); 

Language defined exceptions can also be raised in the same manner: 
raise Constraint_Error; 
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CHAPTER 


ELEVEN 


CONCURRENCY 


11.1 Tasks 


Java and Ada both provide support for concurrency in the language. The C++ language has added a concurrency 
facility in its most recent revision, C++11, but we arc assuming that most C++ programmers are not (yet) familiar 
with these new features. We thus provide the following mock API for C++ which is similar to the Java Thread 
class: 

class Thread { 
public: 

virtual void run (); // code to execute 

void start (); // starts a thread and then call run () 

void join (); // waits until the thread is finished 

}; 

Each of the following examples will display the 26 letters of the alphabet twice, using two concurrent ihreads/iasks. 
Since there is no synchronization between the iw'o threads of control in any of the examples, the output may be 
interspersed. 

[Ada] 

procedure Main is — implicitly called by the environment task 
task My_Task.; 

task body My_Task is 
begin 

for I in 'A' .. 'Z' loop 

Put_Line (I); 
end loop; 
end My^Task; 
begin 

for I in 'A' .. 'Z' loop 

Put_Line (I); 
end loop; 

®nd Main; 

[C^j 

class MyThread : public Thread ( 
public; 


void run () { 

^or (char i = 'A'; i <= 'Z'; ++i) { 
cout « i « endl; 
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MyThroad myTask/ 
myTfisk.start {); 

for (char i 'A'; i 'Z'; ^ 

cout << i endi; 

} 

myTask.join (); 

} 

[Java] 

public class Main { 

static class MyThroad extends Thread ( 
public void run () { 

for (char i “ 'A'; i <« '7/; + + i) { 
System.out.print in (i); 


public static void main (String args) i 
MyThread myTask - new MyThread ()/ 
myTask.start (); 


for (char i - 'A'; i <» 'Z'; ^+i) { 

System.out.print In (i); 

} 

myTask.join (); 

} 

} 


Any number of Ada tasks may be declared in any declarative region. A task declaration is very similar to a 
procedure or package declaration. They all .start automatically when control reaches the begin. A block will not 
exit until all sequences of statements defined within that .scope, including those in tasks, have been completed. 

A task type is a generalization of a task object, each object of a task type has the same behavior. A declared object 
of a task type is started within the scope where it is declared, and control docs not leave that scope until the task 
has terminated. 


An Ada task type is .somewhat analogous to a Java Thread subclass, but in Java the instances of such a subclass are 
always dynamically allocated. In Ada an instance of a task type may cither be declared or dynamically allocated. 


Task types can be parametrized; the parameter serves the same purpose as an argument to a constructor in Java 
The following example creates 10 tasks, each of which displays a subset of the alphabet contained between the 
parameter and the ‘Z’ Character. As with the earlier example, since there is no synchronization among the tasks 
the output may be interspersed depending on the implementation’s task scheduling algorithm. 


[Ada] 


task type My_Task (First : Character); 


task body My_Task (First : Character) is 
begin 

for I in First .. ' Z' loop 
Put_Line (I); 
end loop; 
end My_Task; 

procedure Main is 

Tab : array (0 9) of My_Task ('G'); 

begin 
null; 
end Main; 
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[C++] 

class MyThread : public Thread ( 

public: 

char first; 
void run () { 

for (char i - first; i <» 'Z'/ { 

cout << i << endl; 

} 

} 


void main (int argc, char ** argv) { 
MyThread tab [10]; 

for (int i = 0; i < 9; ++i) { 
tab [i].first = 'G'; 
tab [i].start (); 

} 

for (int i = 0; i < 9; -i- + i) { 
tab [i].join (); 

} 

} 

[Java] 

public class MyThread extends Thread { 
p\iblic char first; 

public MyThread (char first) { 
this. first = first; 

} 

public void run () { 

for (char i = first; i <= 'Z'; ++i) { 

cout << i << endl; 

} 

} 


public class Main { 

public static void main (String args) { 
MyThread (] tab = new MyThread [10]; 

for (int i = 0; i < 9; { 

tab [i] = new MyThread ('G'); 
tab [i].start (); 

} 

for (int i “ 0; i < 9; ++i) ( 
tab [i].join (); 


} 

} 

In Ada a task may be allocated on the heap as opposed to tlte stack. The task will then start a.s soon a.s it has been 
^nninates when its work is completed. This model is probably the one that s the nK>st similar to 

[Ada] 


Tasks 
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type PLr_Task is access My_Tdsk; 

procedure Mciin is 
T : Ptr^Task; 
begin 

T new My^Task ('G'); 
end Main; 

[C++] 

void main (int arge, char argv) { 
MyThread t new MyThread {); 
t.first - 'G'; 
t.start 0; 

} 

[Java] 

public class Main { 

public static void main (String args) { 
MyThread t = new MyThread ('G'); 

t.start (); 

} 

} 


11.2 Rendezvous 


A rendezvous is a synchronization between two tasks, allowing them to exchange data and coordinate execution. 
Ada’s rendezvous facility cannot be modeled with C++ or Java without complex machinery. Therefore, this section 
will just show examples written in Ada. 

Let’s consider the following example: 

with Ada.Text^IO; use Ada.Text_IO; 

procedure Main is 

task After is 
entry Go; 
end After ; 

task body After is 
begin 

accept Go; 

Put_Line ("After"); 
end After; 

begin 

Put_Line ("Before"); 

After.Go; 
end; 

The Go entry declared in After is the external interface to the task. In the task body, the accept statement causes the 
task to wait for a call on the entry. This particular entry and accept pair doesn’t do much more than cause the task 
to wait until Moin calls After.Go. So, even though the two tasks start simultaneously and execute independently, 
they can coordinate via Go. Then, they both continue execution independently after the rendezvous. 

The entry/accept pair can take/pass parameters, and the accept statement can contain a sequence of statements; 
while these statements are executed, the caller is bkx:ked. 

Let’s look at a more ambitious example. The rendezvous below accepts parameters and c.\ccuics some code; 
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^ith Ada.Text_IO; Aoa .Text_IO; 

procedure Main -ls 

task After is 

entry Go (Text : String); 
end After t 

task body After is 
begin 

accept Go (Text : String) do 
Put^Line ("After: " s Text); 
end Go; 
end After; 

begin 

Put_Line ("Before"); 

After.Go ("Main") ; ; 
end; 

In ihe above example, the Put_Lme is placed in the accept statement. Here’s a possible execution trace, assuming 
a uniprocessor: 

1. At the begin o{ tusk After is sturted und the muin procedure is suspended. 

2. After reaches the accept statement and is suspended, since there is no pending call on the Go entry. 

3. The main procedure is awakened and executes the PutJLine invocation, displaying the string “Before”, 

4. The main procedure calls the Go entry. Since After is suspended on its accept statement for this entry, the 
call succeeds. 

5. Tha main procedure is suspended, and the task After is awakened to execute the body of the accept state¬ 
ment. The actual parameter “Main” is passed to the accept statement, and the PutJLine invocation is 
executed. As a result, the string “After: Main” is displayed. 

6. When the accept statement is completed, both the After task and the main procedure are ready to run. 
Suippose that the Main procedure is given the processor. It reaches its end, but the local task After has not 
yet terminated. The main procedure is suspended. 

7. The After task continues, and terminates since it is at its end. The main procedure is resumed, and it too can 
terminate since its dependent task has terminated. 

The above description is a conceptual model; in practice the implementation can perform various optimizations to 
^void unnecessary context switches. 


Selective Rendezvous 

accept statement by itself can only wait for a single event (call) at a time. The select statement allows a task 
listen for multiple events simultaneously, and then to deal with the first event to occur. This feature is illustrated 

y die task below, which maintains an integer value that is modified by other tasks that call Increment, Decrement, 
and Get: 


Counter is 
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acaloct 

accept Increment: do 
Value Value t- 1; 
end Increment; 


or 

accept Decrement do 
Value : Value 1; 
end Decrement; 


or 

accept Get (Result : out Integer) 
Result :« Valued- 
end Get; 
or 

delay 1.0 ★ Minute; 
exit; 

end select; 
end loop; 
end Counter; 


do 


When ihe task’s slalemenl How reaches the select, it will wait for all four events—three entries and a delay— 
in parallel. If the delay of one minute is exceeded, the task will execute the statements following the delay 
statement (and in this case will exit the loop, in effect terminating the task). The accept bodies for the Increment, 
Decrement, or Get entries will be otherwise executed as they’re called. These four sections of the select statement 
are mutually exclusive: at each iteration of the loop, only one will be invoked. This is a critical point; if the task 
had been written as a package, with procedures for the various operations, then a “race condition” could occur 
where multiple tasks simultaneously calling, say, Increment, cause the value to only get incremented once. In the 
tasking version, if multiple tasks simultaneously call Increment then only one at a time will be accepted, and the 
value will be incremented by each of the tasks when it is accepted. 

More specically, each entry has an associated queue of pending callers. If a task calls one of the entries and 
Counter is not ready to accept the call (i.e., if Counter is not suspended at the select statement) then the calling 
task is suspended, and placed in the queue of the entry that it is calling. From the perspective of the Counter task, 
at any iteration of the loop there arc several possibilities: 


• There is no call pending on any of the entries. In this case Counter is suspended. It will be awakened by the 
first of two events: a call on one of its entries (which will then be immediately accepted), or the expiration 
of the one minute delay (whose effect was noted above). 


There is a call pending on exactly one of the entries. In this case control passes to the select branch with 
an accept snnemem for that entry. The choice of which caller to accept, if more than one, depends on the 
quenthg policy, which can be specilled via a pragma delined in Ihe Real-Time Systems Annex of the Ada 
standard; the default is First-In First-Out. 


• There are calls pending on more than one entry. In this case one of the entries with pending callers is chosen 
and then one of the callers is chosen to be de-queued (the choices depend on the qLueinI policy) 


11.4 Protected Objects 


mahcs t^ cffoct m^ cxpllmt. A protected ^cetL a 

likTnT objlct, aTd fnea'pZZ ensum! ^ ' 

protected operations. ^ components are through the 


Two kinds of operations can be performed on such objects: read-write 
read-only operations by functions. The lock mechanism is implemented 
read operations but not concurrent write or read/write operations. 


operations by procedures or entries, and 
so that it s possible to perform concurrent 


Let’s reimplement our earlier tasking example with a protected object called Counter 
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/.rad Couftei i» 

Gft return Integer; 

procedure tr.cr^mer.u ; 

procedure Doci-.*tT>en., 
end counter; 

elected body Counter is 
^function Cet return Integer is 

begin 

return Value; 
end Got; 


procedure Incre;r.ent is 
begin 

Value Value 1; 
end Incror\ont; 


procedure Decrement is 
begin 

Value Value “ 1; 
end Decrement; 
end Counter; 

Havins two completely different ways to implement the same paradigm might seem complicated. However, in 
practia' the actual problem to solve usually drives the choice between an active structure (a task) or a passive 

stnicturc (a protected object). 

A protected object can be accessed through prefi,\ notation: 


Counter.Increment; 

Counter.Decrement; 

?ut_Line {Integer'Image (Counter.Get)); 


A praected objm may look like a paekage aynlaclically. since 11 comains 
lemally ming pmOx nolalion. However. Ite declaration ol a pratecled objecl' “ 

no public data is allowed, no types I* “'tCual l«k^M Snnranlee^ mulual cxclnsion; ihcre Is 

critical semantic distinction: a protected object has a concep 

no such lock for a package. 

Like tasks, IPs possible to declam prolecled types lhal can be inslanlialed sevemi limes. 


declare 

protected type Counter is 
-- as above 
end Counter; 


protected body Counter is 

as above 
end Counter; 

i Counter; 

- Counter; 

^egin 

^1V Increment; 

Decrement; 


«nd; 


r. • s an ‘VniT)'uwncwhai 

and types can declare a prtKcdurc-likc in order fw the cntr> imwaiKKi 

* ar lo a procedure but includes a so-called barrier condition t jj-^nire the l 4 H:k cm dw object, and then 

'"'•alumTii.?"'"® ** :* Tf mScr will e.xccuie the entry’iHxJy. If Uw condition is 

the barrier condition. If the condition is true then the c 
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false, then the caller is placed in the queue for the entry, and relinquishes die lock. HaiTicr conditions (for entries 
with non-empty queues) are reevaluated upon completion of protected procedures and protected entries. 

Here’s an example illustrating protected entries: a protected type that models a binary semaphore / persistent 
signal. 

protected type Binary_Semaphore is 
entry Wait; 
procedure Signal; 
private 

Signaled : Boolean := False; 
end Binary_Semaphore; 

protected body Binary_Semaphore is 
entry Wait when Signaled is 
begin 

Signaled := False; 
end Wait; 

procedure Signal is 
begin 

Signaled := True; 
end Signal; 
end Binary_Semaphore; 

Ada concurrency features provide much further generality than what’s been presented here. For additional infor¬ 
mation please consult one of the works cited in the References section. 
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CHAPTER 


TWELVE 



LOW LEVEL PROGRAMMING 


12.1 R6pr0S6ntation Claus6s 


We’ve seen in the previous chapters how Ada can be used to describe high level semantics and architecture. Tlic 
beauty of the language, however, is that it can be used all the way down to the lowest levels of the development, 
including embedded assembly code or bit-level data management. 

One very interesting feature of the language is that, unlike C, for example, there are no data representation con¬ 
straints unless specified by the developer. This means that the compiler is free to choose the best trade-off in terms 
of representation vs. performance. Let's start with the following example: 


[Ada] 


type R is record 

V : Integer range 0 ,. 255; 
B1 : Boolean; 

B2 : Boolean; 
end record 
with Pack; 

[C++1 

struct R { 

unsigned int v:8; 
bool bl; 
bool b2; 


}; 


[Java] 

public class R { 
public byte v; 
public boolean bl; 
public boolean b2; 


The Ada and the C-H- code above both represent efforts to create an object that’s as small as |wssible. Controlling 
is not possible in Java, but the language docs specify the size of values for the primitive types. 



ICCvJJu lllUl tliw 

Olh *icce.ssing record components. 

^'Jireniems **^*'*^^'^" hie specified as well, along with o 

terms of available values and specified sizes. This is 


particularly useful when a specific layout is 
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Aclil (or tl)(| Q|,^ 0J JtWrt Oovolopoti MolliilftO t o 


tu%H->i!40i y i loi 4 ‘XiMhiplv* when inieihu iii|? wiili ImuKviiiv, a drivci, la a conununicarjon pnnocol. Here’s how to 
lly a ^pceilu’ daia laynni hiiu**! on ihe putvious example: 

typ^ ta cl 

V I I ht o 4 . 

0 ) ^ lint I I iiMii ^ 

h:^ \ ramUirth/ 

Mini I't^oortO 

tor H imti ranord 

t‘. ,n/M‘ f t.^lt .,•/ t hif t i! i^ytr‘. 

\\\ at 0 rangiD 0 . . O; 

Oi'i'iifyy t l}i> lir.f ' h t i y- af f/»»• t i t r*1 l>yt.O/ 

.r.- wr-tl f hi' {ii y( hit y>I f/)<• Sty'ot)d tn’t.o, 

V At rAorjii I , . H; 

^''fh/ hit (•/ f/j»f yi'Cnnii 

h.! At I rAiiQA I . . I ; 

Mn(i rAOord; 

Wo omil Ihc wHIi /V/c A tlhvclivo and instead use a record representation clause following the record declaration. 
The contpllor is directed to spread ohjeets of type R across two bytes. The layout we’re specifying here is fairly 
inellicicnt to \vt>rk with on any niactiine, hut you can have the compiler construct the most efficient methods for 
access, rather than coding your own machine-dependent bit-level methods manually. 


12.2 Embedded Assembly Code 

When pcrlorming low-level development, such as at the kernel or hardware driver level, there can be times when 
it is necessary to implement functionality with assembly code. 

livery Ada compiler has its own conventions for embedding assembly code, based on the hardware platform and 
the supported assembler(s). Our examples here will work with GNAT and GCC on the x86 architecture. 

All xH6 processors since the Intel Pentium offer the rdtsc instruction, which tells us the number of cycles since the 
last processor reset. It takes no inputs and places an unsigned 64 bit value split between the edx and eax registers. 

GNAT provides a subprogram called System,MachmeJ2()de,Asm that can be used for assembly code insertion. 
You can specify a string to pass to the assembler as well as soume-level variables to be used for input and output: 

with Sy:itom.M.ichino_Codo; uao Systom.Machino^Code; 
with Intorfacon; U30 Interfaces; 

function Got.^Procesaor^Cycles return Unsigned_64 is 
Low, High : (Jn:iignod_32; 

Counter : Unn.ignod_64 ; 

begin 

Asm ( " rcitrjC!” , 

Outputs -> 

(Unoi gnod_32'A:jm_Outpiit ("-d", High), 

Un.'iJ gnecJ_32'At;m_Output C'-d'*, Low)), 

Voiatilo True); 

Counter 

Un,*i 1 giV3d_64 (High) * 2 •• 32 
Unnign«d_64 (Low); 

return Countc^r; 
end Got J^rocosrior^CycIoa; 

'f‘he Unsi\iucd^d2*AsmjOutimt clauses above provide associations between machine registers and .wurce-lcxtl 
variables to be u|Kjatcd, *-tt*" and ”=d” refer to the mv and cdx macliine registers, respcctivxdy, TIk use ot' the 
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. j2 anti Ironi jMcka^t.* Intrffaty\ ciuiiict antaj rcf^/rtcnl^lM;// </f Oft: Jala 

^scinhlcT^^^^ 32-bit valuer U) (onn a single M bit value, 

Wi* set the Volatile parameter to True to tell the compiler that iiivokliiM ihin iu^limih/u mijilple ttft¥:% y/ilb ilei 
noie inputs can result in diflerent outputs. 1 his eliminates the fKmihiljly that the i nmfnkt v/i)| ofHhni/A: mtJhpk 

With optimisation turned on, the GNA'I compiler is snwri cnou>?fi to use the r//t and /v/r rei{islers h; hnpl*;/f>enl 
the variables, resulting in zero tjveihead lor the assembly inierlate, 

Xhe machine code insertion interlace provides many tcatures licyond what was slarw/i here. More inl<>fmah'>n tan 
be found in the GNAT User s Guide, and tlie GNAI Rcleiencc manual. 


12.3 Interfacing with C 

Much effort was spent making Ada easy to interface with other languages, 'Ihc Ittterfare,\ package hierarchy and 
the pragmas Convention, Import, and E.xport allow you to make intcr-languagc calls while observing proper data 
representation for each language. 

Let’s start with the following C code: 

struct my^struct { 
a, b : int; 

I; 


void call (my_struct ^ p) { 
printf ("Id", p->A); 

} 


To call that function from Ada, the Ada compiler requires a description of the data structure U) pass as well as a 
description of the function it.self. To capture how the C .struct my^xtruct is represented, we can use the h)llowing 
record along with a pragma Convention. Tlie pragma directs the compiler to lay out the data in menKiry the way 
a C compiler would. 

type my_struct is record 
A : Interfaces.C.int; 

B : Interfaces,C.int; 
end record; 

pragma Convention (C, my_struct); 


Describing a foreign subprogram call to Ada code is called “binding** and it is performed in two stages. I*irsl. an 
Ada subprogram specification equivalent to the C function is coded. A C function returning a value maps to an 
Ada function, and a void function maps to an Ada procedure. Tlicn, rather than implementing the subprogram 
^sing Ada code, wc use a pragma Import: 

procedure Call (V : my^struct); 

pragma Import (C, Call, "call"); Third orgunont. optional 


■^e Import pragma specifics that whenever Call is invokced by Ada code, il should invoke the call function with 
‘"eC calling convention. 

And that s all that’s necessary. Here’s an example of a call to Call: 


V ; 
^egin 
Call 
end; 


"'Y-Struct := (A 
(V); 


=•> 1 , 


B -> 2); 


^nidc *i Ada subprograms available to C code, and examples ol this can be found in the GNAT U.scr s 

• nterfacing with C++ and Java use implementation-dependent features liiat arc also available with GNAT. 


withC 
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CHAPTER 

THIRTEEN 


CONCLUSION 


.h. .Ki>al oaradiems of imperative programming can be found in all three languages Uiat we surveyed in this 
^ ^ However, Ada is different from Uie rest in that it’s more explicit when expressing properties and 
documen . » affords better communication among programmers on a 

between programmers and machines. You also get more assurance of the coherence of a program at 
? k Ada cm help reduce the cost of software maintenance by shifting the effort to creating a sound 
™ t= r'vorkins l,a«lor, anj a. greater expease. ,o r,x bags found later te 

Smsttody in prodaetion. Appllcalions thal have reliability needs, long term maintenance reqairements. or 
safciy/sccurity concerns are those for which Ada has a proven track record. 

. U -nc inrre-iMnelv common to find systems implemented in multiple languages, and Ada has standard 

It s becoming mcrtasiiioiy commo y ^ .w«<TmmcnnfI/nr reference data structures from other language 

for whal ifs best al. 

We hope this guide has provided some insight into the Ada softwwe engineer s world and has ma e 
accessible to programmers already familiar with programming m other languag . 
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